From 5b1f4e739c9027cce59ecff662f4444d8f2aa185 Mon Sep 17 00:00:00 2001
From: Ryan Boren <ryan@git.wordpress.org>
Date: Mon, 17 Dec 2007 06:02:45 +0000
Subject: [PATCH] wp_set_password(). see #2394

git-svn-id: https://develop.svn.wordpress.org/trunk@6396 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/pluggable.php | 24 ++++++++++++++++--------
 wp-login.php              |  4 +---
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 46b877d42a..ba7474a2fa 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -304,24 +304,21 @@ function wp_login($username, $password, $deprecated = false) {
 		return false;
 	}
 
-	$login = get_userdatabylogin($username);
+	$user = get_userdatabylogin($username);
 
-	if ( !$login || ($login->user_login != $username) ) {
+	if ( !$user || ($user->user_login != $username) ) {
 		$error = __('<strong>ERROR</strong>: Invalid username.');
 		return false;
 	}
 
-	if ( !wp_check_password($password, $login->user_pass) ) {
+	if ( !wp_check_password($password, $user->user_pass) ) {
 		$error = __('<strong>ERROR</strong>: Incorrect password.');
 		return false;
 	}
 
 	// If using old md5 password, rehash.
-	if ( strlen($login->user_pass) <= 32 ) {
-		$hash = wp_hash_password($password);
-		$wpdb->query("UPDATE $wpdb->users SET user_pass = '$hash', user_activation_key = '' WHERE ID = '$login->ID'");
-		wp_cache_delete($login->ID, 'users');
-	}
+	if ( strlen($user->user_pass) <= 32 )
+		wp_set_password($password, $user->ID);
 
 	return true;
 }
@@ -770,6 +767,17 @@ function wp_generate_password() {
 }
 endif;
 
+if ( !function_exists('wp_set_password') ) :
+function wp_set_password( $password, $user_id ) {
+	global $wpdb;
+
+	$hash = wp_hash_password($password);
+	$query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id);
+	$wpdb->query($query);
+	wp_cache_delete($user_id, 'users');
+}
+endif;
+
 // Deprecated. Use wp_set_auth_cookie()
 if ( !function_exists('wp_setcookie') ) :
 function wp_setcookie($username, $password = '', $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
diff --git a/wp-login.php b/wp-login.php
index 23dc9f76e7..cda6a5a9ec 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -184,9 +184,7 @@ case 'rp' :
 
 	// Generate something random for a password...
 	$new_pass = wp_generate_password();
-	$new_hash = wp_hash_password($new_pass); 
-	$wpdb->query("UPDATE $wpdb->users SET user_pass = '$new_hash', user_activation_key = '' WHERE ID = '$user->ID'");
-	wp_cache_delete($user->ID, 'users');
+	wp_set_password($new_pass, $user->ID);
 	$message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
 	$message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
 	$message .= get_option('siteurl') . "/wp-login.php\r\n";